Abstract
Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However, when the AT is tree-structured, one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.
Original language | English |
---|---|
Title of host publication | 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
Publisher | IEEE |
Pages | 545-558 |
Number of pages | 14 |
ISBN (Print) | 979-8-3503-4793-7 |
Publication status | Published - 2023 |
Event | 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 - Porto, Portugal. Duration: 27 Jun 2023 → 30 Jun 2023. Conference number: 53 |
Conference
Conference | 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 |
---|---|
Abbreviated title | DSN 2023 |
Country/Territory | Portugal |
City | Porto |
Period | 27/06/23 → 30/06/23 |
Datasets
Code and data used in the experiment section of the publication: Cost-damage analysis of attack trees
Lopuhaä-Zwakenberg, M. (Creator), 4TU.Centre for Research Data, 5 Apr 2023
DOI: 10.4121/afd36f9c-4e84-4420-80f4-66ca02b217bb, https://data.4tu.nl/datasets/afd36f9c-4e84-4420-80f4-66ca02b217bb, https://data.4tu.nl/datasets/afd36f9c-4e84-4420-80f4-66ca02b217bb/1, https://doi.org/10.4121/afd36f9c-4e84-4420-80f4-66ca02b217bb.v1
Dataset